(54) IC card, portable terminal, and access control method



(57) An IC card 16 according to the present invention is provided with an electronic value storing means, a request acquiring means, a verifying means, and an output means. The request acquiring means acquires an access request from display application 151 to electronic value 161 stored in the electronic value storing means, along with application authentication information held by the display application 151. The verifying means determines the validity of the application authentication information in accordance with the access request acquired by the request acquiring means. When the verifying means determines that the application authentication information is valid, the output means outputs substantive information of the electronic value 161 to the display application 151.
Description

BACKGROUND OF THE INVENTION 

Field of the Invention 

[0001] The present invention relates to an IC card, a portable terminal, and an access control method.

Related Background Art 

[0002] In recent years, portable terminals detachably provided with IC cards (including IC chips) have been developed as portable terminals have become more multifunctional and recording media have gained capacity. An IC card holds user-specific data, such as information for identifying a user (ID, password, etc.) and a telephone number, and these data are normally encrypted in order to prevent falsification and replication thereof, or forgery of the IC card.
[0003] On the other hand, the increase in speed of radio communication and the development of data compression technologies have put into practical use information communication systems that permit portable terminals to acquire desired content data from server apparatus through networks such as the Internet. In electronic transactions making use of such systems, electronic values are sometimes used as paying means without use of credit cards or cash.
[0004] An electronic value is digitized data which ex- 
presses some economical worth or into which some 
economical worth is transubstantiated. Examples of the 
electronic values include electronic money (also called 
electronic cash or electronic currency) expressing mon- 
etary value, electronic tickets provided in prepaid sys- 
tems, and so on. An electronic ticket contains a record 
of data to be displayed in order to implement the function 
of the electronic ticket (the data will be hereinafter re- 
ferred to as "substantive information"). 

SUMMARY OF THE INVENTION 

[0005] However, the above prior art had the problem 
as described below. Namely, since the IC card is detach- 
ably mounted in the portable terminal, the user of the 
portable terminal can use the same IC card in a plurality 
of portable terminals through insertion and removal of 
the IC card. In order to permit the user of the portable 
terminal to utilize the aforementioned electronic value 
while effectively making use of such convenience of the 
IC card, it is desirable to store the electronic value inside 
the IC card. 

[0006] However, the storage of the electronic value in the IC card raises concern about the disadvantage as follows. Namely, types of application programs downloadable into the portable terminals are rapidly increasing with increase in the capacity of data stored in the portable terminals and with development of radio communication technologies. Accordingly, if access to the electronic value is permitted according to access requests from all the application programs held in the portable terminal, there will arise concern about unauthorized use of the electronic value, which is undesirable in terms of security.

[0007] In view of the above circumstances, an object of the present invention is therefore to realize an IC card, a portable terminal, and an access control method permitting storage and readout of electronic value while maintaining high security.

[0008] In order to solve the above problem, an IC card according to the present invention is an IC card comprising: electronic value storing means for storing an electronic value; request acquiring means for acquiring an access request from an application program to the electronic value stored in the electronic value storing means, along with application authentication information held by the application program; verifying means for determining validity of the application authentication information in accordance with the access request acquired by the request acquiring means; and output means for outputting substantive information of the electronic value to the application program when the verifying means determines that the application authentication information is valid.

[0009] An access control method according to the present invention is an access control method in which an IC card acquires an access request from an application program, the access control method comprising: a request acquiring step wherein the IC card acquires the access request from the application program to an electronic value stored in electronic value storing means, along with application authentication information held by the application program; a verifying step wherein the IC card determines validity of the application authentication information in accordance with the access request acquired in the request acquiring step; and an output step wherein when it is determined in the verifying step that the application authentication information is valid, the IC card outputs substantive information of the electronic value to the application program.
[0010] According to these aspects of the invention, when it is determined that the application authentication information, which was acquired along with the access request from the application program to the electronic value, is valid, the substantive information of the electronic value is outputted to the application program. Namely, the IC card permits an access request from an application program with valid application authentication information but rejects an access request from an application program without valid application authentication information. This enables the IC card to control the access to the electronic value according to the application programs and thus makes it feasible to implement storage and readout of the electronic value while maintaining high security.

[0011] In the IC card according to the present invention, preferably, the application authentication information includes a digital signature and a public key certificate.

[0012] In the access control method according to the present invention, preferably, the application authentication information includes a digital signature and a public key certificate.

[0013] According to these aspects of the invention, the application authentication information includes the digital signature and the public key certificate. When the IC card is configured to determine the validity of the application program having requested access, based on the combination of the digital signature with the public key certificate, the access control can be performed with higher degree of accuracy. As a consequence, it becomes feasible to implement the storage and readout of the electronic value while maintaining a higher security level in the IC card.

[0014] In the IC card according to the present inven- 
tion, preferably, the application authentication informa- 
tion further includes an attribute certificate. 
[0015] In the access control method according to the present invention, preferably, the application authentication information further includes an attribute certificate.

[0016] The privilege information of the public key certificate is fixed within a period of validity, whereas for the privilege information of the attribute certificate the user is allowed to set a period of validity independent of the public key certificate. According to these aspects of the invention, therefore, the user can readily change the privilege information of the certificate, without need for a procedure of reissuing another certificate.
[0017] The IC card according to the present invention may be constructed in a configuration further comprising: physical information storing means for storing a physical information item indicating a physical feature of a principal; and determining means for collating the physical information stored in the physical information storing means, with a physical information item of a user having made the access request, to determine the identity of the physical information items, wherein when the determining means determines that the physical information items are identical with each other, the request acquiring means acquires user authentication information reflecting the result of the determination, wherein the verifying means determines validity of the user authentication information in accordance with the access request acquired by the request acquiring means, and wherein when the verifying means determines that the user authentication information is valid, the output means outputs the substantive information of the electronic value to the application program.
[0018] The access control method according to the present invention may be configured as a method further comprising a determining step wherein the IC card collates a physical information item indicating a physical feature of a principal, stored in physical information storing means of the IC card, with a physical information item of a user having made the access request, to determine the identity of the physical information items, wherein the request acquiring step is configured so that when it is determined in the determining step that the physical information items are identical with each other, the IC card acquires user authentication information reflecting the result of the determination, wherein the verifying step is configured so that the IC card determines the validity of the user authentication information in accordance with the access request acquired in the request acquiring step, and wherein the output step is configured so that when it is determined in the verifying step that the user authentication information is valid, the IC card outputs the substantive information of the electronic value to the application program.
[0019] According to these aspects of the invention, when it is determined that the physical information item of the principal (a regular registrant of the IC card) is identical with the physical information item of the user having made the access request, the substantive information of the electronic value is outputted to the application program. Namely, the IC card performs personal identification with reference to the physical information, so as to admit an access request based on a command of the principal but reject an access request based on a command of any other person than the principal. This enables the access control based on the combination of the application program authentication with the user authentication and further raises the security level of the IC card.

[0020] In the IC card according to the present inven- 
tion, preferably, the physical information items are fin- 
gerprint information items. 

[0021] In the access control method according to the present invention, preferably, the physical information items are fingerprint information items.
[0022] According to these aspects of the invention, the fingerprint information items are used as information indicating the physical feature of the principal, for the personal identification of the user having made the access request. Accordingly, through such an easy operation that the user lets a fingerprint reader read a fingerprint of a finger, the IC card can perform accurate personal identification, as compared with the authentication methods making use of a personal identification number or a password. The physical information used for the user authentication is not limited to the fingerprint information, but may be, for example, information about the iris or retina of the eye, a voice spectrum, a face image, or the like. Such user authentication making use of the physical information is extremely resistant in principle to spoofing and contributes to highly accurate personal identification.

[0023] In the IC card according to the present invention, more preferably, the access request is a request for display of the substantive information, and the output means makes display means display the substantive information of the electronic value in accordance with the display request.

[0024] In the access control method according to the present invention, more preferably, the access request is a request for display of the substantive information, and in the output step the IC card makes display means display the substantive information of the electronic value in accordance with the display request.
[0025] Among the electronic values, a considerable number of electronic values can implement functions specific thereto only when displayed (visualized) on the display means, like the electronic tickets or the like. In the case of such electronic values in particular, therefore, it is expected that the access request to the electronic value will be a request for display of the substantive information of the electronic value. For this reason, the substantive information is read out of the IC card and displayed on the display means, whereupon the user is allowed to read the electronic value.
[0026] In the IC card according to the present inven- 
tion, preferably, the electronic value is an electronic tick- 
et. 

[0027] In the access control method according to the 
present invention, preferably, the electronic value is an 
electronic ticket. 

[0028] When receiving a display request from an application program to an electronic ticket, the IC card verifies the validity of the application program, whereby the substantive information of the electronic ticket is prevented from being displayed by an application program whose validity has not been verified yet. This can prevent unauthorized use of the electronic ticket. When compared with the electronic money, the electronic tickets are often of intended use, and involve less concern about unauthorized use. Accordingly, an issuer of electronic tickets can distribute the electronic tickets more safely and efficiently.

[0029] In the IC card according to the present inven- 
tion, more preferably, the electronic value storing means 
possesses tamper resistance. 
[0030] In the access control method according to the 
present invention, more preferably, the electronic value 
storing means possesses tamper resistance. 
[0031] According to the present invention, the electronic value is stored in the electronic value storing means with tamper resistance. This limits the access to the electronic value from the outside. Therefore, it is feasible to prevent injustices including falsification, theft, etc. of the substantive information by a third person. As a result, it is feasible to ensure security of the electronic value and confidentiality of the IC card.
[0032] A portable terminal according to the present invention comprises the aforementioned IC card detachably mounted, and application program storing means in which the application program is stored. As in this case, the present invention can be applied not only to the IC cards but also to the portable terminals, of course.



[0033] The present invention will become more fully understood from the detailed description given herein below and the accompanying drawings which are given by way of illustration only, and thus are not to be considered as limiting the present invention.

[0034] Further scope of applicability of the present invention will become apparent from the detailed description given hereinafter. However, it should be understood that the detailed description and specific examples, while indicating preferred embodiments of the invention, are given by way of illustration only, since various changes and modifications within the spirit and scope of the invention will become apparent to those skilled in the art from this detailed description.

BRIEF DESCRIPTION OF THE DRAWINGS 
[0035]

Fig. 1A is a diagram showing the configuration of the portable terminal and Fig. 1B a diagram showing the functional configuration of the IC card.
Fig. 2 is a conceptual diagram showing a configuration example of the display application.
Fig. 3 is a conceptual diagram showing the configuration of the electronic value.
Fig. 4 is a conceptual diagram showing the configuration of the access list.
Fig. 5 is a flowchart showing the first half of the access control processing executed by the portable terminal.
Fig. 6 is a flowchart showing the second half of the access control processing executed by the portable terminal.
Fig. 7 is a conceptual diagram showing another configuration example of the display application.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0036] A portable terminal according to the present invention will be described below with reference to the accompanying drawings.

[0037] The configuration will be described first. Fig. 1A is a block diagram showing the functional configuration of portable terminal 10. The portable terminal 10 is comprised of a control unit 11, an input device 12, a RAM 13, a display device 14, a storage device 15, an IC card 16, a radio communication device 17, a fingerprint reader 18, and a sound processing device 19. These devices each are electrically connected through bus 20 so as to be able to send and receive various signals to and from each other.

[0038] The control unit 11 is configured to retrieve a program from the storage device 15 into the RAM 13 and perform concentrated control over each part according to the program. Specifically, the control unit 11 executes a variety of processing including an access control process to data (e.g., electronic value 161) stored in the IC card 16, in accordance with an input signal from the input device 12 and the program retrieved into the RAM 13, and temporarily saves the result of the processing in the RAM 13. Then it stores the processing result saved in the RAM 13, into a predetermined area inside the storage device 15 according to need.

[0039] The input device 12 is provided with various operation buttons for ordering selection of data and processing, ON/OFF of power, etc., and these various operation buttons are depressed alone or in combination to output an input signal according to a command to the control unit 11. The input device 12 is constructed of a transparent screen (a so-called touch screen) in which devices for sensing contact with a finger or a dedicated pen are arranged on a display screen of display device 14, and is configured to output input signals according to coordinates of contact points to the control unit 11. The way of sensing contacts can be any method, e.g., a pressure-sensitive method of sensing change in pressure, an electrostatic method of sensing electric signals based on static electricity, and so on.
[0040] The RAM (Random Access Memory) 13 is constructed of a volatile semiconductor memory and is configured to temporarily save a program retrieved from the storage device 15 described below or data during the various processing executed by the control unit 11. The RAM 13 also has the function of VRAM (Video RAM) for temporarily saving data to be displayed on the display device 14.

[0041] The display device 14 is constructed of an LCD (Liquid Crystal Display), an EL (Electro Luminescence) device, or the like and is configured to display data on its screen in accordance with display signals from the control unit 11. The touch screen as the input device 12 as described above is laid over the screen of the display device 14.

[0042] The storage device 15 is constructed of a nonvolatile semiconductor memory such as an EEPROM (Electrically Erasable and Programmable ROM), and is configured to store data necessary for execution of various processing, data generated as a result of execution of various processing, and so on. The storage device 15 stores an application program for display of data on the display device 14 (hereinafter referred to as "display application 151"). Furthermore, the storage device 15 also stores a fingerprint authentication program 152 for execution and control of fingerprint reader 18 described later. This fingerprint authentication program 152 is based on tamper-resistant software in order to enhance the confidentiality and make the falsification and abuse harder.

[0043] The display application 151 will be described below with reference to Fig. 2. As shown in Fig. 2, the display application 151 has a digital signature 151a and a public key certificate 151b.

[0044] The digital signature 151a is an electronic signature issued and added by a certification organization being a third party, in order to ensure the validity of the display application 151 and clearly demonstrate the place of origin thereof. From the viewpoint of preventing leakage, the digital signature 151a is preferably an encrypted signature.

[0045] The public key certificate 151b has Extension (extended zone) 151c of the predetermined specification (e.g., the specification compliant with X.509) set by ITU-T. The Extension 151c contains a record of privilege information 151d to be collated with an access list 161c held by the electronic value 161 described later.
[0046] The IC (Integrated Circuit) card 16 is a card or chip type recording medium detachably mounted in the portable terminal 10. The IC card 16 stores data to be displayed on the display device 14 by a predetermined application program (e.g., the display application 151). The IC card 16 is desirably configured as a tamper-resistant device with high confidentiality, in view of secrecy and security of data.

[0047] Fig. 1B is a diagram showing the functional configuration of the IC card 16. As shown in Fig. 1B, the IC card 16 is provided with an electronic value storage 16a, an access request acquirer 16b, an authentication information validity determiner 16c, a substantive information output 16d, a physical information storage 16e, and a physical information identity determiner 16f. These parts correspond to the electronic value storing means, request acquiring means, verifying means, output means, physical information storing means, and determining means, respectively. In addition, although only the indispensable composition elements of the IC card 16 according to the present invention are illustrated in Fig. 1B, this does not mean that the IC card 16 lacks the composition elements which the conventional IC card has.

[0048] The electronic value 161 will be described below in detail, as an example of the data stored in the electronic value storage 16a of the IC card 16. Fig. 3 is a diagram showing a data configuration example of the electronic value 161. As shown in Fig. 3, the electronic value 161 has substantive information 161a, privilege information 161b, an access list 161c, and a digital signature 161d.

[0049] The substantive information 161a is data to be displayed on the display device 14 by the application program requesting display (e.g., the display application 151) when the user of the portable terminal 10 uses the electronic value 161. The substantive information 161a varies depending upon uses and types of electronic values, and, for example, in the case of the electronic value 161 being an electronic ticket, the substantive information 161a is information of a ticket name, an artist name, a venue of a performance, a date of the performance, a seat class and a seat number, a promoter, and so on. Namely, the user of the portable terminal 10 presents this information to an entrance/exit administrator or an entrance/exit monitor upon entrance into the venue of performance, whereby the user is permitted to enter the desired performance venue.
[0050] The privilege information 161b is more detailed information about the substantive information 161a. For example, supposing the electronic value 161 is an electronic ticket, it is information about an artist of a performance admissible by the electronic ticket (a URL of an official website of the artist, or the like). For simplicity, the privilege information 161b is arranged to be included in the electronic value 161 itself in the present embodiment, but it is also possible to employ a configuration wherein the electronic value 161 contains a pointer indicating a storage location of the privilege information 161b and the privilege information 161b itself is stored at the storage location indicated by the pointer.
[0051] The access list 161c is a data list containing certificates indicating respective access authorities to the electronic value 161 and information that can be outputted (i.e., accessible information) according to the request for display from application programs, in correspondence with each other. Specifically, as shown in Fig. 4, the access list 161c has a Subject area 162c, a certificate type area 163c, and an accessible information area 164c.

[0052] The Subject area 162c contains data of certificates to permit access to at least the privilege information (e.g., CN=aaa..., CN=bbb...) among the information held by the electronic value 161 shown in Fig. 3. The symbol in the Subject area 162c indicates that access is permitted to only "ticket name of substantive information" even if an application program having requested display has data of any certificate.
[0053] The certificate type area 163c contains data indicating types of the certificates (e.g., "certificate 2," "certificate 3," "certificate 1 or no certificate") stored in the Subject area 162c. The term "no certificate" indicates that an application program having requested display has neither of the certificates.
[0054] Furthermore, the accessible information area 164c stores the information accessible with the corresponding types of certificates (e.g., "privilege information," "substantive information and privilege information," "ticket name of substantive information"). This permits the IC card 16 to properly select the information that an application program is allowed to display, according to the type of certificate held by the application program having requested display.
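
The access-list lookup of [0051] to [0054], as an added example (not code from the patent): a Python model of how the card could pick the row matching the requesting application's certificate and output only the fields that row lists. The subject names, ticket data, field paths, the `<any>` marker standing in for the catch-all Subject symbol, the pairing of rows, and the rule that a certificate failing verification receives nothing are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

ANY_SUBJECT = "<any>"  # constructed stand-in for the catch-all Subject symbol


@dataclass(frozen=True)
class AccessEntry:
    subject: str        # Subject area 162c
    cert_type: str      # certificate type area 163c
    accessible: tuple   # accessible information area 164c, as field paths


@dataclass(frozen=True)
class Certificate:
    subject: str
    cert_type: str
    verified: bool      # outcome of the card's signature/certificate check,
                        # assumed to be performed elsewhere on the card


# Constructed electronic ticket (electronic value 161 without its signature).
TICKET = {
    "substantive": {"ticket_name": "Example Concert", "artist": "Example Artist",
                    "venue": "Example Hall", "date": "2002-01-01", "seat": "S-12"},
    "privilege": {"artist_url": "https://artist.example/"},
}

# Constructed access list 161c; row pairing assumed from the order of the
# examples given in the text.
ACCESS_LIST = (
    AccessEntry("CN=example-fan-app", "certificate 2", ("privilege",)),
    AccessEntry("CN=example-ticket-viewer", "certificate 3",
                ("substantive", "privilege")),
    AccessEntry(ANY_SUBJECT, "certificate 1 or no certificate",
                ("substantive.ticket_name",)),
)


def select_entry(access_list, cert: Optional[Certificate]) -> Optional[AccessEntry]:
    """Return the access-list row that applies to this requester, or None."""
    if cert is not None and not cert.verified:
        return None  # presented but invalid authentication information: reject
    if cert is not None:
        for entry in access_list:
            # Subject and certificate type must both match a named row.
            if entry.subject == cert.subject and entry.cert_type == cert.cert_type:
                return entry
    # Any other certificate, or none at all, falls through to the catch-all row.
    for entry in access_list:
        if entry.subject == ANY_SUBJECT:
            return entry
    return None  # no catch-all row: nothing is disclosed


def project(value: dict, paths) -> dict:
    """Copy only the sections or single fields named by the field paths."""
    out = {}
    for path in paths:
        section, _, field = path.partition(".")
        if section not in value:
            continue
        if not field:
            out[section] = dict(value[section])        # whole section
        elif field in value[section]:
            out.setdefault(section, {})[field] = value[section][field]
    return out


def readout(value: dict, access_list, cert: Optional[Certificate] = None) -> dict:
    """What the card outputs to the requesting application."""
    entry = select_entry(access_list, cert)
    return {} if entry is None else project(value, entry.accessible)


if __name__ == "__main__":
    viewer = Certificate("CN=example-ticket-viewer", "certificate 3", True)
    print("certificate 3 :", readout(TICKET, ACCESS_LIST, viewer))
    print("no certificate:", readout(TICKET, ACCESS_LIST, None))
```
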

[0055] The digital signature 161d is an electronic signature issued and added by a certification organization being a third party, in order to ensure the validity of the electronic value 161 and clearly demonstrate the place of origin thereof. The digital signature 161d is preferably an encrypted signature in view of prevention of leakage.
[0056] In the IC card 16, characteristic points of a fingerprint of a principal registered as a user of the IC card 16 (normally, an owner of the portable terminal 10) are preliminarily registered as fingerprint information in the physical information storage 16e. The fingerprint information is data of characteristic points extracted from an image of a fingerprint of a finger for personal identification. The physical information identity determiner 16f of the IC card 16 compares and collates the fingerprint information of the principal with the fingerprint information of the user outputted from the fingerprint reader 18 described hereinafter, to determine the identity of the user and the principal on the basis of the result thereof. This results in performing the personal identification of the user having made an access request to the electronic value 161 (e.g., a display request).
[0057] The radio communication device 17 performs control of radio communication with a base station B. Specifically, the radio communication device 17 is a circuit having a modem (not shown) for modulating and demodulating signals, and a codec (not shown) for coding and decoding signals, and is provided with an antenna A. The antenna A is retractably disposed at the top part of a housing of the portable terminal 10 and is used for transmission and reception of radio waves to and from the base station B.

[0058] The fingerprint reader 18 is comprised of a reading part and an extracting part. The fingerprint reader 18 is configured to extract characteristic points from an image of a fingerprint of a user's finger read by the reading part, according to the fingerprint authentication program 152 retrieved from the storage device 15, and to output them as fingerprint information of the user to the IC card 16.

[0059] The sound processing device 19 is comprised of a converter, an amplifier, etc. and is provided with a microphone M and a speaker S. The sound processing device 19 is configured to convert audio data from the control unit 11 into analog signals by the converter and emit sound from the speaker S through the amplifier, during calls. The sound processing device 19 also converts audio signals from the microphone M into digital signals by the converter and outputs the digital signals to the control unit 11, during calls.

[0060] The operation of the portable terminal 10 according to the present invention will be described below, together with an access control method according to the present invention. Each of the following steps is implemented when the IC card 16 or control unit 11 executes a program stored in the storage device 15 or IC card 16 shown in Fig. 1A.

[0061] Fig. 5 is a flowchart showing the flow of the access control processing executed by the portable terminal 10. The description of the operation is based on the premise that when the IC card 16 is mounted in the portable terminal 10, the IC card 16 and the fingerprint authentication program 152 share a private key (not shown) with each other.
[0062] With a request for display of the electronic value 161 stored in the IC card 16, a user authentication request is first outputted from the display application 151 to the fingerprint authentication program 152 (S1). The display request herein is a display request from the display application 151, but the display request from the display application 151 via the control unit 11 also encompasses a display request made through the input device 12 by the user, of course.
[0063] When the user authentication request outputted in S1 is fed into the fingerprint authentication program 152 (S2), the fingerprint authentication program 152 starts reading the fingerprint of the user of the portable terminal 10 by the fingerprint reader 18 (S3). Characteristic points satisfying predetermined conditions are extracted from the image of the read fingerprint and are outputted as a fingerprint information item of the user to the IC card 16 (S4).

[0064] When the IC card 16 receives the fingerprint information outputted in S4 (S5), it compares and collates the fingerprint information item of the user received in S5, with the fingerprint information item of the principal preliminarily registered in the IC card 16, to determine the identity of the fingerprint information items (S6). When the collation results in determining that the fingerprint information items are identical with each other, the IC card 16 generates a random number (hereinafter referred to as "Challenge").

[0065] The Challenge thus generated, together with a user authentication success notification indicating that the personal identification was successfully completed, is outputted to the fingerprint authentication program 152 (S7). On the other hand, if the collation in S6 results in determining that the fingerprint information items are different from each other, the IC card 16 outputs a message to the display application 151 (S8). This message is data to notify the user that the user authentication ended in failure and the display request was rejected.

[0066] Then the user authentication success notification and Challenge outputted in S7 are fed into the fingerprint authentication program 152 (S9). Subsequently, the fingerprint authentication program 152 generates a result of calculation of Challenge using the private key shared with the IC card 16 in advance and a predetermined one-way function (e.g., Keyed Hash, or the like) (the result will be referred to hereinafter as "Response"). The Response thus generated, together with the aforementioned user authentication success notification, is outputted to the display application 151 (S10).

[0067] The display application 151 receives the user authentication success notification and Response outputted in S10 (S11). In conjunction therewith, the display application 151 outputs a request for access to the electronic value 161, to the IC card 16. The access request is outputted along with the above Response and with the digital signature 151a and public key certificate 151b retrieved from the display application 151 (S12).

[0068] Then the access request acquirer 16b of the IC card 16 receives the access request outputted along with the digital signature 151a and public key certificate 151b and with the Response in S12 (S13), and the IC card 16 starts verifying the Response (transferring to S14 in Fig. 6). The verification of Response is conducted with reference to the aforementioned private key that the IC card 16 shares with the fingerprint authentication program 152 in advance.

[0069] When the verification in S14 results in determining that the Response is valid, i.e., that it was generated based on the Challenge generated by the IC card 16, the IC card 16 then performs verification of the digital signature 151a (S15). On the other hand, if the verification in S14 results in determining that the Response is invalid, the IC card 16 outputs a message to the display application 151 (S16). This message is one notifying the user that the application program authentication ended in failure and the display request was rejected.

[0070] When the verification in S15 results in determining that the digital signature 151a is valid, i.e., that it was intended for the issuer of the electronic value 161, the authentication information validity determiner 16c of the IC card 16 compares and collates the public key certificate 151b received in S13, with the certificate stored in the Subject area 162c of the access list 161c (S17). On the other hand, if the verification in S15 results in determining that the digital signature 151a is invalid, the user is notified of a message indicating that the display request was rejected (S18), as in the case of the process of S16.

[0071] Furthermore, when the result of the collation in S17 is that the public key certificate 151b agrees with one of the certificates stored in the Subject area 162c, the accessible information corresponding to the agreed certificate is referred to from the accessible information area 164c. Then the accessible information is retrieved from the electronic value 161 (cf. Fig. 3) according to the result of the reference (S19). For example, supposing the public key certificate 151b is data identical with the certificate held by the application B, the accessible information corresponding thereto is the substantive information and privilege information. Therefore, the substantive information 161a and privilege information 161b are retrieved as display target data from the electronic value 161.

[0072] On the other hand, if the result of the collation in S17 is that the public key certificate 151b disagrees with all the certificates stored in the Subject area 162c of the access list 161c, the accessible information corresponding to (i.e., the ticket name of the substantive information) is retrieved from the substantive information 161a of the electronic value 161. The portable terminal may also be configured in a configuration wherein when the public key certificate 151b disagrees with all the certificates stored in the Subject area 162c, a message indicating that the display request was rejected is outputted to the display application 151, as indicated in S20.

[0073] The substantive information output 16d of the IC card 16 outputs the accessible information retrieved from the electronic value 161 in S19, to the display application 151 (S21). Here the sequential processing of S14 to S21 is executed inside the IC card 16 with tamper resistance, for the purpose of ensuring the reliability of the user authentication and application authentication.

[0074] Then the accessible information outputted in S21 is fed into the display application 151, and the display application 151 makes the display device 14 of the portable terminal 10 display it (S22). For example, supposing the accessible information outputted in S21 is the substantive information, the user of the portable terminal 10 is allowed to enter the desired venue or facility by presenting the substantive information.
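The card-side decisions of S5 to S21 can be modelled as follows. This is an added example, not code from the patent; it assumes HMAC-SHA256 as the keyed hash, byte equality in place of fingerprint collation, a Challenge that is consumed after one use, and hypothetical field names. The signature check of S15 is omitted.

```python
import hashlib
import hmac
import secrets

class ICCard:
    """Toy model of IC card 16: steps S5-S7 and S13-S21 of the flow above."""

    def __init__(self, shared_key, enrolled_template, value, access_list):
        self._key = shared_key              # shared with the fingerprint program
        self._template = enrolled_template  # principal's registered fingerprint item
        self._value = value                 # electronic value 161, as a dict
        self._acl = access_list             # cert digest -> accessible field names
        self._challenge = None              # outstanding Challenge, if any

    def authenticate_user(self, template):
        """S5-S7: collate fingerprint items; on a match issue a fresh Challenge."""
        # Assumption: exact byte equality stands in for fingerprint collation.
        if not hmac.compare_digest(template, self._template):
            self._challenge = None
            return None                     # S8: user authentication failed
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def access(self, response, certificate):
        """S13-S21: verify the Response, then collate the certificate with the list."""
        # Assumption: the Challenge is single use, so a replayed Response fails.
        challenge, self._challenge = self._challenge, None
        if challenge is None:
            return None                     # no outstanding Challenge: reject
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(response, expected):
            return None                     # S16: Response invalid
        # S15 (digital signature verification) is omitted in this sketch.
        digest = hashlib.sha256(certificate).hexdigest()
        fields = self._acl.get(digest, ["ticket_name"])   # [0072]: no match
        return {f: self._value[f] for f in fields}        # S19, S21


def make_response(shared_key, challenge):
    """S9-S10: the fingerprint program's keyed hash over the Challenge."""
    return hmac.new(shared_key, challenge, hashlib.sha256).digest()


def demo():
    # All values below are constructed sample data.
    key = b"constructed-shared-key"
    cert_b = b"constructed certificate of application B"
    value = {"ticket_name": "Concert", "substantive": "Seat A-12", "privilege": "VIP"}
    acl = {hashlib.sha256(cert_b).hexdigest(): ["substantive", "privilege"]}
    card = ICCard(key, b"constructed-template", value, acl)

    c1 = card.authenticate_user(b"constructed-template")
    r1 = make_response(key, c1)
    granted = card.access(r1, cert_b)
    replayed = card.access(r1, cert_b)      # same Response, Challenge already used
    c2 = card.authenticate_user(b"constructed-template")
    unknown = card.access(make_response(key, c2), b"some other certificate")
    return granted, replayed, unknown
```

The Response proves only that the fingerprint authentication program holding the shared key processed this Challenge; which data is released is decided separately by the certificate collation.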
[0075] As described above, the portable terminal 10 according to the present invention is configured so that the IC card 16 comprises the electronic value storing means, request acquiring means, verifying means, and output means. The request acquiring means acquires the display request from the display application 151 to the electronic value 161 stored in the electronic value storing means, along with the digital signature 151a and the public key certificate 151b (corresponding to the application authentication information). The verifying means determines the validity of the digital signature 151a and the public key certificate 151b in accordance with the above display request acquired by the request acquiring means. When the verifying means determines that the digital signature 151a and the public key certificate 151b are valid, the output means outputs the substantive information 161a to the display application 151.

[0076] Namely, the IC card 16 admits the display request from the application program with the valid digital signature and public key certificate, but rejects the display request from the application program without the valid digital signature and the public key certificate. This enables the IC card 16 to control the access to the electronic value 161 according to the application programs and thus makes it feasible to implement the storage and readout of the electronic value while maintaining high security.

[0077] More specifically, the electronic value 161 itself stored in the IC card 16 is provided with the access list 161c, which enables the access control (including exclusive access control) similar to that in the case where access rights are set in electronic value units. The display application 151 is arranged to bear the digital signature 151a and the public key certificate 151b, which enables the access control similar to that in the case where access rights are set in application program units. Furthermore, the Response reflecting the result of the determination of identity of fingerprint information is used in the user authentication, which enables the access control similar to that in the case where access rights are set in user units.

[0078] Here the storage of the electronic value 161 in the IC card 16 presents the following advantage, as compared with the case where the electronic value 161 is stored in the storage device 15. Namely, since the IC card 16 is detachably mounted in the portable terminal 10, the IC card 16 can be mounted in another portable terminal, whereby the access control function to the electronic value 161 can also be applied to the other portable terminal. The function like this is particularly effective in the case where the user selectively uses a plurality of portable terminals according to uses or circumstances and where an application program that can display the electronic value 161 is installed in only one portable terminal.

[0079] It is noted herein that the contents of the description in the present embodiment are just a preferred example of the portable terminal according to the present invention and the invention is not limited to this example. A display application 152 stored in the storage device 15 of the portable terminal 10, which is a modification of the present embodiment, will be described below with reference to Fig. 7. As shown in Fig. 7, the display application 152 further has an attribute certificate 152e, in addition to the digital signature 152a and public key certificate 152b.

[0080] The digital signature 152a and public key certificate 152b are much the same as the digital signature 151a and public key certificate 151b, which were described with reference to Fig. 2, and thus the description thereof is omitted herein. The attribute certificate 152e is a known attribute certificate issued by a certification organization different from the issuer of the public key certificate 152b and defined according to the predetermined specification (e.g., the specification of X.509) set by ITU-T, as in the case of Extension 152c. The attribute certificate 152e contains a description of information to enable reference to the public key certificate 152b.

[0081] The portable terminal 10 refers to privilege information 152f of the attribute certificate 152e on the occasion of executing the collation process between the certificate and the access list (S17 in Fig. 6). If the privilege information is described in Extension 152c, the privilege information is fixed within a period of validity of the public key certificate 152b. For this reason, in order to modify the contents of the description of the privilege information, there is need for a procedure of reissuing the public key certificate. In contrast to it, the attribute certificate 152e allows the user to set a period of validity independent of the public key certificate 152b, and thus the privilege information described therein is readily modified.

[0082] The portable terminal 10 may be a PDA (Personal Digital Assistance) or a cellular phone having a UIM (User Identity Module) or an SIM (Subscriber Identity Module) as an IC card on a detachable basis. The IC card can be any electronic device with tamper resistance, and there are no specific restrictions on the shape thereof.

[0083] Described last are a program for implementing the access control technology according to the present invention and a computer-readable recording medium (hereinafter referred to simply as "recording medium") in which the foregoing program is recorded. The recording medium is a medium that can induce change states of energy such as magnetism, light, electricity, or the like according to the description contents of a program against a reading device installed as one of hardware resources of general-purpose computers or the like and that can transmit the description contents of the program to the reading device in the format of signals corresponding to the change states. Such recording media include, for example, those detachably mounted on the computers (including the portable terminals, PHS terminals, etc.) like the IC cards of UIM and others, magnetic disks, optical disks, and magnetooptical disks, and nonvolatile semiconductor memories such as HDs (Hard Disks) fixedly incorporated in the computers, firmware integrally fixed in the computers, and so on.

[0084] The above program may be configured so that part or the whole thereof is transmitted through a transmission medium such as a communication line or the like from another device to be received by the radio communication device of the portable terminal according to the present invention and recorded therein. Conversely, the above program may also be configured to be transmitted from the portable terminal according to the present invention through the transmission medium to another device to be installed therein.

[0085] From the invention thus described, it will be obvious that the embodiments of the invention may be varied in many ways. Such variations are not to be regarded as a departure from the spirit and scope of the invention, and all such modifications as would be obvious to one skilled in the art are intended for inclusion within the scope of the following claims.

Claims 

1. An IC card comprising:

electronic value storing means for storing an electronic value;

request acquiring means for acquiring an access request from an application program to the electronic value stored in said electronic value storing means, along with application authentication information held by the application program;

verifying means for determining validity of the application authentication information in accordance with the access request acquired by said request acquiring means; and

output means for outputting substantive information of said electronic value to said application program when said verifying means determines that said application authentication information is valid.

2. The IC card according to Claim 1, wherein said application authentication information includes a digital signature and a public key certificate.

3. The IC card according to Claim 2, wherein said application authentication information further includes an attribute certificate.

4. The IC card according to Claim 1, further comprising:

physical information storing means for storing a physical information item indicating a physical feature of a principal; and

determining means for collating the physical information item stored in said physical information storing means, with a physical information item of a user having made said access request, to determine the identity of the physical information items,

wherein when said determining means determines that said physical information items are identical with each other, said request acquiring means acquires user authentication information reflecting the result of the determination,

wherein said verifying means determines validity of the user authentication information in accordance with the access request acquired by the request acquiring means, and

wherein when the verifying means determines that the user authentication information is valid, said output means outputs the substantive information of said electronic value to said application program.

5. The IC card according to Claim 4, wherein said physical information items are fingerprint information items.

6. The IC card according to Claim 1, wherein said access request is a request for display of the substantive information, and

wherein said output means makes display means display the substantive information of the electronic value in accordance with said display request.

7. The IC card according to Claim 6, wherein said electronic value is an electronic ticket.

8. The IC card according to Claim 1, wherein said electronic value storing means possesses tamper resistance.

9. A portable terminal comprising:

the IC card as set forth in Claim 1, said IC card being detachably mounted; and

application program storing means in which said application program is stored.

10. An access control method in which an IC card acquires an access request from an application program, said access control method comprising:

a request acquiring step wherein said IC card acquires the access request from the application program to an electronic value stored in electronic value storing means of the IC card, along with application authentication information held by the application program;

a verifying step wherein said IC card determines validity of the application authentication information in accordance with the access request acquired in said request acquiring step; and

an output step wherein when it is determined in the verifying step that the application authentication information is valid, the IC card outputs substantive information of the electronic value to the application program.